## Critical Authentication Bypass Vulnerability Disclosed in Sovity Dataspace-Portal; Urgent Upgrade to 7.3.2 Advised
A severe authentication flaw has been identified in sovity dataspace-portal, affecting versions 2.1.1 through 7.3.1. Tracked as CVE-2026-42160, the vulnerability allows attackers to bypass backend security controls by exploiting accounts in a "PENDING" state. Security researchers at OffSeq's threat intelligence platform rated the flaw as critical, prompting urgent remediation guidance for all users of the affected software.

The issue stems from authentication logic, specifically account status validation, being enforced on the client side rather than by the backend. As a result, users whose registration or access status is marked as "PENDING" may retain functional access to backend systems despite not having completed the required verification steps. Threat actors leveraging this vulnerability could potentially access sensitive data, manipulate configurations, or move laterally within connected dataspace infrastructure. The vulnerability has been classified under CWE-602 (Client-Side Enforcement of Server-Side Security), indicating a systemic failure to properly validate user states server-side.

Sovity has released version 7.3.2 as a corrective update addressing the flaw. Organizations running any affected version of dataspace-portal are strongly advised to apply the patch immediately, particularly those operating dataspace ecosystems that handle industrial data exchanges, supply chain integrations, or cross-organizational identity federation. Because dataspace portals act as central coordination points for multi-party data sharing, successful exploitation could expose multiple downstream partners. Security teams should also audit existing "PENDING" accounts and consider temporary access restrictions until the patch is confirmed deployed.
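
One way to run the "PENDING" account audit recommended above, as an added example that is not code from sovity or from the original report: it cross-references an account export with a backend access log and lists successful requests made while the caller had not yet been activated. The log format, field names, endpoint paths and allowlist are assumptions, and all sample records are constructed.

```python
"""Audit backend requests made by accounts that were PENDING at request time.
Added example: every field name, path and sample record below is constructed."""
from datetime import datetime

# Paths a PENDING user may legitimately call (assumed; set for your deployment).
ALLOWED_WHILE_PENDING = ("/api/registration", "/api/user-info")
# Constructed account export: current status and activation time, if any.
ACCOUNTS = {
    "u-100": {"status": "ACTIVE", "activated_at": "2026-04-01T09:00:00"},
    "u-200": {"status": "PENDING", "activated_at": None},
    "u-300": {"status": "ACTIVE", "activated_at": "2026-05-02T12:00:00"},
}
# Constructed access log: timestamp, subject, method, path, HTTP status.
ACCESS_LOG = [
    "2026-05-01T10:00:00 u-100 GET /api/connectors 200",
    "2026-05-01T10:05:00 u-200 GET /api/registration/status 200",
    "2026-05-01T10:06:00 u-200 GET /api/connectors 200",
    "2026-05-01T10:07:00 u-200 DELETE /api/connectors/7 403",
    "2026-05-01T11:00:00 u-300 POST /api/organizations/invite 201",
    "2026-05-03T08:00:00 u-300 GET /api/connectors 200",
    "2026-05-03T08:01:00 u-999 GET /api/connectors 200",
]

def was_pending(account, when):
    """True if the account had not been activated at the time of the request."""
    activated = account["activated_at"]
    if account["status"] == "PENDING" or activated is None:
        return True
    return when < datetime.fromisoformat(activated)

def audit(log_lines, accounts):
    """Return successful, non-allowlisted requests made while PENDING."""
    findings = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than guess at fields
        ts, user, method, path, status = parts
        account = accounts.get(user)
        # Unknown subjects are out of scope; non-2xx means the server refused.
        if account is None or not status.startswith("2"):
            continue
        if path.startswith(ALLOWED_WHILE_PENDING):
            continue
        if was_pending(account, datetime.fromisoformat(ts)):
            findings.append((ts, user, method, path))
    return findings

if __name__ == "__main__":
    for finding in audit(ACCESS_LOG, ACCOUNTS):
        print(*finding)
```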

---
- **Source**: Mastodon:mastodon.social:#infosec
- **Sector**: The Lab
- **Tags**: CVE-2026-42160, authentication-bypass, dataspace-portal, vulnerability-disclosure, critical-flaw
- **Credibility**: unverified
- **Published**: 2026-05-09 11:01:44
- **ID**: 81088
- **URL**: https://whisperx.ai/en/intel/81088